IT Should Just Say No to Android

As a long-time user of Gmail and several other Google services, I've come to appreciate the company's Spartan UIs, ever-evolving capabilities, and pervasive integration. This is online services done right—and while I'll reserve an examination of Google's business-oriented Google Apps service for a future Office 365 comparison piece, suffice it to say that the online giant is doing something right besides selling ads attached to search results.

Stray a bit farther from the Google services nest, however, and things get a bit messier. And in the case of Android, Google's mobile OS, things aren't just messy. They're disastrous.

Not from a business perspective, of course. According to Google, it's now activating over 550,000 Android OS-based devices every single day. That's more than double the rate at which Apple activates iOS devices (such as the iPhone and iPad) and good for almost 200 million units per year. Two hundred million.

No, I don't like Android. I don't like the silly number of UIs, OS versions, the different phones that seem to appear every single week, each one-upping the previous "best smartphone ever" with the additional of a single new feature, like a 1/10th of an inch larger screen, 4G hot spot, NFC, whatever. The market for Android devices is impossible to keep up with. And that's just the phones.

But my beef with Android this week is a bit different. Thinking just of IT—that is, the people who need to support the deployment and management of mobile devices—Android is a disaster waiting to happen. And if you're in one of those forward-leaning (or, frankly, smaller and newer) businesses in which the consumerization of IT is more reality than theory, chances are that you've already got Android all over the place. It's embedded in your organization. You know, like a tick.

I can't roll back the clock. But I can tell you that I think Android is far too dangerous to allow anywhere near your vital corporate data. Then, it’s up to you to decide what you should do.

Remember when Windows used to be the number-one target for malware writers? That day is long over. On the PC, hackers have moved on to lower-hanging fruit, which mostly consists of popular applications such as Adobe Reader and Flash. But hackers are also investigating mobile devices. And no mobile platform is more popular or less secure than Android. According to smartphone security firm Lookout, Android malware is skyrocketing, and attackers are taking control of phones and users' personal data, including financial data. Malware is easy to deploy via Android for a number of reasons, but one of the biggest gaffes, I think, is the open nature of the platform, which makes it easier for users to install apps from untrusted sources. On curated platforms such as iPhone or Windows Phone, this can't happen unless the user explicitly jailbreaks the device.

But it's not just that. Platforms such as iOS (iPhone) and Windows Phone OS implement sandboxing techniques to ensure that individual applications are isolated from each other and from the host OS. On Android, apps present the user with a list of required permissions when installed. These permissions provide the apps with access to vital on-device data stores. Expecting users to make an educated decision every single time they install a mobile app is a bit of a stretch. It's like asking them if they'd like to turn off User Account Control (UAC) for particular Windows apps. You know they'd always make the wrong decision.

In the good old days, when you chose a platform vendor, you chose a company you trusted—IBM, Microsoft, VMware, whatever—because you had a history with that company or you knew others who did. But who exactly owns the Android OS that's on your devices? The OS is given away for free, to anyone who wants it, and it can be modified in any number of ways before reaching users via any number of devices. Each of these Android installations uses a different OS version and thus has different capabilities and, just as important, different known vulnerabilities.

We call this issue fragmentation—as if simply naming a problem solves it. But there are very serious issues caused by fragmentation, and it's never clear with any particular device when or even if it will ever be updated to some future OS version. That fact that Google has forked Android even more for smartphone and table-specific Android versions only further complicates matters.

As I've noted elsewhere, Google doesn't care about any of this, and it benefits from the confusion and mess because it can attract far more licensees (the OS is free, after all), which will make far more devices, and sell them via far more wireless carriers. Consumers, not knowing any better, see their 2-year wireless plan about to expire, head to the wireless store (or website) and research the current "best" phone available. And because these things are shipping literally almost every week, that phone is almost always some Android device. (The exception, perhaps, occurs during the month of any Apple product rollout.) Thus, you can see the genius of Google's evil plan in motion.

I'm not going to tell you not to deploy Android in your business. But I am going to recommend that you think about this issue more carefully, consider using Exchange ActiveSync (EAS) policies to lock down these devices as much as possible, and—yes—look at other options, such as the iPhone, iPad, or Windows Phone, any one of which I prefer over Android. The more I look at Google and Android, the less I like what I see. I suspect that will be the case for many of you as well.

Discuss this Article 19

Nice to see another predictable column from MS Fanboi Thurrott.
Previous letter writers have done a good job summing up your hypocrisies, but just to touch on a few: exactly how many is "a silly number of UIs"? Is that the sort of number that Windows has, when each PC maker tweaks the desktop for its own purposes? And Android is far to dangerous to let near corporate data (in spite of the fact that Android apps are sandboxed just as are other smartphones, but you all but flat-out say they aren't - I hope Penton Media's libel insurance is paid up), but users installing Windows apps which can access anything on their PC isn't? This article reeks of desperation.
Looks like they misprinted Thurrott's title - I think they meant "Windows IT Tool."

I agree with jimmydean and jdtommy, responsibility should be placed in the users hands. This is not a fault of the operating system. There's an Android app out there called Appoozle that rates the permissions of an App before you even download it. Users can use this to become aware and think twice before they install any random app.

Mac user's have been calling Paul out as a tool and a hypocrite for years; I'd like to welcome the Android users to the party.
Odd, that 200M devices that are NOT from Microsoft is a plague of locusts, but the same sales of Windows 7, why that's just God's anointed bringing truth and justice to the world.
Lots of different PCs, that's choice; lots of different phones, that's a horrible "fragmentation".
There's a new schizophrenia surfaces here. When it suits him, Paul can't help but write how Android is "killing" the iPhone. But then he also comes out with this drivel about how evil Android is. News flash: Lastest figures show Android with 42% marketshare, Apple with 28%, and----wait for it---Microsoft with 5.7%. The entity being killed is Microsoft in the mobile market, along with Symbian and RIM and WebOS, et al.
Of course, as others have pointed out, what did you expect on Windows IT "Pro"? Anything rational or unbiased? Paul makes his living from Microsoft's success, so this stupidity is built into his DNA.

Windows Mobile & iOS in the same sentence, really??? Now one more silly fanboy article like this and we will have to complain and make a public spectacle out of Paul. I do not think the demographics of Windows IT Pro suits Paul's writing anymore. We are serious IT managers/professionals that do not have time to care about a newly revamped mobile OS that still does not have copy/paste(WP7). If your Exchange policy cannot control your Android device's then get a new Exchange administrator. M$' ActiveSync Policies work just fine.

This sounds like the early days of Windows Mobile. Different devices from different manufactuers with differernt features. Even PCs went through this same stage. Remember when PCs were made by almsot every company? Eventually certain brands will rise to the top and many others will get out of the market.
Since my company supports many different devices, I try not to think that everyone should use only certain devices. My company would not allow Windows Phone before the latest update because it lacked a few key ActiveSync policies. Android at least supported the basic policies we needed to allow them to be used.
By the way, many of the Android phones come locked from the carrier so that you cannot install apps from unknown sources. I know my HTC Inspire 4G from AT&T came that way and I had to 'Root' it to be able to install those apps. My company procures devices from specific carriers and the devices we procure are locked down.
The only real risk I see about Android is the one you didn't even mention. Google doesn't screen apps for malware before allowing them in the Market. If they would so that simple step and companies only allowed carrier locked phones, there would be no issue. In the mean time, I've installed Lookout on my phone and recommend that any Android user do the same.

A couple of things to remember, smartphones are NOT just phones. Giving kids these devices, especially older ones can bring up security issues. So, like corporate users, users need to be educated. This is not a big deal. Security on as smart phone needs to be addressed int eh same manner as security on a computer ... be cause it is one.
Mark, your comment about Linux / Apache is wrong ... GNU Linux would have been correct, Linux is simply the kernel and it is well designed and (I stand to be corrected) there have been very few attacks against the Linux kernel itself. Apache is a "third party" app running on Linux, not part of it! It can be installed and is usually shipped with the distribution. But that is the reason it is called a distribution, Linux is distributed with other apps, and whatever distro you choose has its own apps with it.
Beyond that, Paul, if you are attempting ot be a rational tech journalist be balanced in your approach. I agree that the permissions model is a bit flaky but it can be understood. But that takes a bit of research. Interesting comment about the UI especially given that Mark Minasai (spelling?) talks of Windows 8 having 3, all in one product that you do NOT get to choose from.
Balance Paul, try keeping balance, Microsoft is a choice, you want people to choose it, because you are sounding like a desperate sales person, give some valid reasons for looking at Windows phone instead of Android, not just your bias.

Lets see....
200 Million Android devices per year are characterized as locusts, cancer and plagues. But when MS announces they have sold 200M Windows 7 licenses per year, he celebrates. Would that not make Windows 7 a cancer as well by that definition?
Wait a minute, didn't Paul just write about how Market Share matters and is the most important thing? I guess that only applies if you are MS and have the market share.
Who wants to bet that when Windows 8 ships on tablets next year, Paul will be cheerleading about "the additional of a single new feature" on some companies brand new Tablet. Then compare that to the ipad and call it the "best tablet ever". Suddenly choice and competition will be wonderful and "each one-upping " will be called a great benefit for consumers.

I can't disagree with many of your technical observations, and those aren't the crux of the point I wish to make in any case. It has been become a hallmark of american business that if you can create a circumstance where the market can be extorted, then do it, and do it with gusto. Naturally, free market forces eventually counter this. What we end up with is a graph that looks like extreme peaks and valleys. If someone comes along, and for their own reasons does a bit of curve smoothing, even with other tradeoffs that we are not completely sanguine with, I think it important to carefully weigh these pros and cons of our symbiotic technology and consumerism. I have no greater love for Google than I do for Microsoft or Apple, but I do like the idea of monkey wrenching the sheer cornucopia of greed that those two built around their own perceived leverages.

I use and love Android. I have an Android phone and tablet. However as the IT manager for a small shop, iOS is easier to support and manage. Sorry Android. I will be interested to see what happens with's Blackberry's acquisition of ubitexx, maybe then we can support Android better. BTW we do support Blackberry, iOS and Android devices connecting to a Lotus Domino server.

Thanks Paul. Excellent article. I happen to be a Senior IT Tech for a major tech corporation that uses smartphone technology internally and, although I personally own and use an Android device (Motorola Atrix), I don't think the devices should be allowed access to internal resources unless IT is prepared and able to secure the devices so that the typical user will not accidentally give hackers free access to proprietary information. By the way, I have the capability and authority of connecting to my internal network, but I choose not to for security purposes..my security! I already see way too many security issues just from users failing to follow the simplest security precautions for their pc's. Give them a phone and they go nuts! I deal with this on a daily basis and I agree this is a user issue, not the OS, but that is what IT has to deal with. PC's, phones, etc, can be made very secure, but then the only ones who could use them would be the IT people. Human nature is to be inquisitive, so we get a new "toy" and start playing with it to see what it will do. Next thing you know, hackers have free access to your "treasure". Android is a wonderful "toy", but for corporate IT it's just too risky for now.
IMHO
Keep up the great writing Paul!

For the IT (business) consumer it's about choice. There was a time long ago where Apple dominated the market. But they chose to keep the prices unnaturally high way too long for cheaper niche products to build and be financially viable. Don't go into the device and feature thing, this competition was played in areas of price, contractual carrier lock-in and -if I forgot to mention- price. Businesses just have to deal with it, as they learned very well to deal with DOS and Windows 3.1.

Really? No to Android for IT?? You're reasons are because of "fragmentation" and malware?? What a hater.
The company I work for has zero issues supporting Android. Why in the WORLD would any company NOT support the leading device OS in the world?? I guess if you're IT dept employs tards, then that makes sense. Fragmenation is hardly an issue in our enterprise. Simply require 2.x version of Android and something like GOOD for Enterprise to get access to work information - done. Simple. If you really want to stick with the same lame reasons to avoid Android in IT, then you should apply it to Windows OS too - get it out of the enterprise. It still leads all OS's for being targeted for malware. It too, faces fragmentation issues to where XP is still VERY prevalent across users. Sounds pretty stupid, yeah?
I believe that by "fragmentation" you MUST mean "choice". One gets to choose between dozens and dozens of Android devices, whereas there's only 3ish iPhone models (one of which doesn't support the current iOS - lame) and less than 10(? - I really don't know or care) Windows phones. You get the same lame look and feel for the latter 2 and super-tight control of what you can do by one of them. LAME. Really, Android users get choice. Go and pick out a device, customize it to your liking, then go and install apps RESPONSIBLY. Yes, that means review all of the apps to make sure they have only the permissions they should for what it does. It really isn't that hard.
Overall, your article just comes off "haterish"

Yay Paul, you managed to flush the Blandroid fans out. These self same people would be patting you on the back and calling you a profit for saying the same thing if WP7 was the subject of the article, instead of Blandroid.

Why does everyone think think Linux is so secure? it's riddled with bugs. the rational behind the 'many-eye' principle was called into serious question since the apache flaw that surfaced the other week (unfixed because there were no in the wild exploits of it?) how many other flaws are there, known about and unfixed because MS is the prefered target?
Pushing out fixes is a real headache in android - what does a company do when a flaw is discovered? precautions/lockdown and 'safe' browsing go so far, but a predictable, timely patch sequence is appreciated and vital. key worry for me is the the lack of sandboxing in the Android platform.

Paul, you really don't know how Android works. Yes, you have to police what you are giving an app access to, but it "Sandboxes" the app to that ability. Each app runs as a individual user on the OS and only has access to what you agreed to give it. So there are "sandboxing techniques" in place in the OS.
It is also not that simple to install an app from an untrusted or alternate market place. You have to tell Android to allow it. I know that the growing popularity of the Amazon App Store encourages people to turn this feature on, but still, the person has to consciously go to the place to download the app, agree to install it, and then agree to what it has access to. It's easier to get malware on any windows OS.

I guess this guy hasn't heard that Android is developed on a Linux based system. Hackers may be trying but since only Microsoft based OS' have the blatant security holes that hackers NEED to operate, you'll notice the number of hacked Android devices is low. If anything people should be worried more about the Windows phones since there is a more established hacker community devoted to creating malware for Microsoft operating systems.
In the end Android is the base which the phone companies can change at their discretion. These "one feature differences" DO NOT come from google, but from the phone company putting the device out. For instance, Verizon android devices have a different market than T-mobile android devices. This is not google, this is the right of each phone company to do.
Linux was developed for tasks just like these. Android is proving how well it can work to have one system shared and individualized to multiple different "flavors."
Both Apple and Microsoft can't compare to that level of individualism in their software.